Cyber worm has a very real bite


On the night of July 7, the INSAT 4B satellite suffered a partial failure when quite a few transponders shut down unexpectedly due to a solar panel failure.

The glitch has still not been resolved and the Indian Space Research Organisation (ISRO) announced late last month that it was going to replace the satellite with GSAT 5 by December this year.

Various reasons are being ascribed for the failure, but one of them is coming from a US-based cyber security expert who is claiming that the failure is a result of a very sophisticated computer worm that has been written and propagated by the Chinese.

ISRO has pooh-poohed this, pointing out that the worm could have struck the satellite's programmable logic controller (PLC), but the INSAT 4B doesn't have one. It has indigenously designed software to control the logic of the spacecraft.

Harm

That worm is known as 'Stuxnet' and was first discovered in the month of June this year. It is the first worm that attacks Windows-based industrial control systems which operate on the Siemens WinCC/PCS 7 SCADA software, and it also monitors and reprogrammes them by altering the programmable logic controllers, which are generally used in power plants and gas pipelines.

The worm is quite complex: it is unusually large in size, written in a few programming languages, contacts its command and control server for updates and instructions, exploits four zero-day vulnerabilities and is propagated with digital signatures from two stolen authentic certificates.

Having all the above features in a single worm is unheard of among the worms and viruses discovered so far.

There have been many efforts to identify the source of the attacks and there have been comments that this is a very well planned attack which could only have been authored by some high level organisation of some leading country.

There have been many reports that the nuclear facilities in Iran were the actual target of these attacks, and it is generally believed that the worms were planted in the computers of the nuclear scientists in Iran through the memory sticks, and not via the internet.

Most of the computer security companies have come out with indicative numbers of the extent of the damage: Iranian networks were the most affected, followed by those in Indonesia. The Indian damage was on a relatively smaller scale. Even networks in the US and Germany were affected.

Iranian networks accounted for almost 60 per cent of the total infections. According to a Symantec report on the scale of the attack, Iran had more than 60,000 computers successfully infected, compared to about 6,500 in India.

With such a geographical and targeted spread and the package involved, the Stuxnet attacks have shaken the world.

The fact that today most of our critical systems function on computer and network based systems, and that such networks have been successfully targeted, has sent shivers down a lot of spines.

What is more alarming is that despite all the protection and the anti-virus and intrusion detection systems such infrastructure is still penetrable, and a major attack could cripple the system and also result in some major industrial disaster.

Such successful attacks have also raised concerns over the pace at which nations are looking at cyber warfare and its tools. Worms like Stuxnet are clearly the kind of tools to bring down networks of adversaries and cripple their systems.

Digital warfare will have soft targets and an added outreach through computer networks will be enabled with such tools. So suddenly the threat of cyber warfare seems much more credible and one form of attack has already been visualised.

Suspicion

However, it is also interesting to note the list of countries that have been thought to be behind Stuxnet.

Heading the list is the United States which today is the most digitally advanced nation and most of the suspicion arises from the fact that the Iranian networks were primarily targeted.

But the US has receded into the background and the needle of suspicion is now hovering over Israel which has never made any bones over targeting Iranian nuclear plants.

Also of some interest is the presence of references to Biblical characters in the text of the codes of the worm. A large number of countries and experts believe that Israel is pursuing a very high level of offensive cyber warfare programmes and sooner or later they will start targeting foreign and enemy networks.

Some experts have also brought in the China angle, and this is something which most of the Western countries have been referring to for quite some time now.

The fears around Chinese cyber attacks in their various manifestations, from defacing websites to more serious areas like planting deadly worms and launching distributed denial of service attacks on critical networks, have already been publicly mentioned in the past, and Indian networks happen to be a serious target for these designs.

The popular belief today that events in the political world have reflections in the cyberspace has been witnessed a few times in the case of China where some form of retaliation is witnessed in digital form.

Security

Today cyber warfare has already become a means of intervention that many nations are actively pursuing, despite all understanding of its implications. After the option of space as a battlefield, cyberspace also seems to have come in.

But the impact here would be much more pronounced and severe as there would be a sizeable participation of non-state actors along with the state actors.

Stuxnet, which has had a severe impact, could be one such instance where the actual attacker still remains unknown.

The fear is now growing of the emergence of a situation in the near future where nations, and the groups they sponsor, could start a regular cyber attack duel resulting in disruptions if not complete destruction of networks and industrial systems.

It is not that the global community has not raised the matter at a multilateral forum, but the impact and the progress have been poor.

In 2009, the UN Secretary General appointed a 20-nation Group of Governmental Experts (GGE) to report back on the impact of information communication technology on international security.

This comes after a failed attempt, way back in 2004, along similar lines, where nations failed to come to a common understanding of the steps to be taken to address the issue.

Already four rounds of meetings have taken place and the final report is expected to be submitted in November this year. The good news is that nations have shown much maturity this time in the deliberations and identifying some common ground.

But whether that would result in some treaty relating to cyberspace is still a long way off. This is a worthy endeavour, although a complex one, especially since geography means little in matters of cyberspace.

The author heads a defence MNC in India and the views are personal.
